11-10-2010 05:31 PM
We are currently preparing a RUM POC for one of our clients and they have asked some security questions about our product. Below are some sample questions and I wonder if anyone can provide me some resources where I can find the answers. I believe other clients should have similar security questions and appreciate if anyone could help on this.
- are the devices security certified?
- does the platform support HSMs?
- can communication from agent/sensor to collector occur over mutually authenticated SSL?
- have the components in the platform been penetration tested?
- Deployment design (e.g.. SAZ)
- Data flows
- Review the policy that is deployed to the platform, including features such as private parameters and record-on-defect
Thanks in advance.